First The BEAST Threatened Us, But Now We Have Worse Things To Worry About
Sep 23, 2013
In Learning Tree’s Cloud Security Essentials course we have been discussing the BEAST attack. I wrote about it here last spring. Things have shifted recently, it’s time to update the discussion. TLS 1.0 and earlier SSL versions had a serious flaw that allowed an attacker to recover small fragments of cleartext, exposing authentication credentials. The […]
Why Must We Still Fear the BEAST, and What Can We Do?
May 7, 2012
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]